Privacy Policy

GeneWizard (“we,” “us,” or “our”) analyzes raw genetic data from direct-to-consumer genomics companies (23andMe, AncestryDNA) and whole-genome sequencing VCF files. This Privacy Policy describes how we collect, use, and protect your information when you use genewizard.net (the “Service”).

Genetic Data — Raw Files Are Never Stored

When you upload a genotype file, it is parsed entirely in memory. Your raw genetic data is never written to disk, never stored in a database, and is discarded immediately after processing. We do not retain your raw genotype file at any point.

This is a core design principle of GeneWizard, not an afterthought. We believe raw genetic data is too sensitive to persist, so the system was built from the ground up to operate without storing it.

Analysis Results We Store

After processing your upload, we store the following derived results linked to your account so you can access them later:

• Polygenic risk scores (PRS) with percentiles and confidence intervals
• Pharmacogenomic (PGx) diplotypes, phenotypes, and drug guidelines
• SNP-trait association matches
• Blood type determination
• Carrier screening results
• SNPedia variant matches
• Estimated genetic ancestry

These results are interpretive summaries, not raw genetic sequences. They are stored until you choose to delete them.

Account Information

Authentication is handled by Clerk, a third-party authentication provider. Clerk collects and manages your email address, name, and authentication credentials. We do not store passwords or authentication secrets directly. Please refer to Clerk's privacy policy for details on how they handle your account data.

Device & Usage Information

We use Vercel Analytics to collect anonymous usage data, including page views and general device information. This data does not include any genetic information and is used solely to understand how people use the Service and improve the experience.

We do not use third-party advertising trackers or sell usage data.

How We Use Your Information

• Generate your analysis results — the primary purpose of the Service
• Improve the Service — fix bugs, enhance features, and optimize performance using aggregate, non-identifying metrics
• Communicate with you — respond to support requests or notify you of significant changes to the Service

Data Sharing

We do not sell, share, or provide your genetic information or analysis results to any third party. Period.

We use the following service providers to operate the Service:

• Clerk — authentication and account management
• Vercel — frontend hosting and analytics
• Railway — backend hosting and database

These providers process data only as necessary to deliver the Service and are contractually prohibited from using your data for their own purposes. We may disclose information if required by law, but given that we do not retain raw genetic data, we are unlikely to be able to provide such data even if requested.

Data Retention & Deletion

Your analysis results are retained until you delete them. You can permanently delete all of your data at any time from your dashboard. Deletion is immediate and irreversible — we do not retain backup copies of individual user data.

Raw genetic data is never retained. It is discarded from memory as soon as your analysis completes or fails.

Security

All data in transit is encrypted via HTTPS/TLS. Our database is encrypted at rest. Authentication is handled by Clerk with industry-standard security practices. While no system is perfectly secure, we take reasonable measures to protect your information and minimize the data we store in the first place.

Your Rights

You have the right to:

• Delete all your data — available at any time from your dashboard
• Access your results — all of your analysis results are available to you through the Service
• Download your results — PDF reports can be downloaded from your dashboard

If you are a resident of the European Economic Area, the United Kingdom, or California, you may have additional rights under GDPR or CCPA, including the right to request access to, correction of, or deletion of your personal information. To exercise these rights, please contact us at the address below.

Children

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.